In some situations, Windows 10 will disable third party anti-malware products.

Share this story

Billionaire Russian anti-virus developer Eugene Kaspersky has penned an angry blog post titled "That's It. I've Had Enough!" to complain about Microsoft and Windows 10. Specifically, Kaspersky argues that the way Microsoft bundled Defender with Windows 10 is anti-competitive: he says that Microsoft has created obstacles to third-party products and is acting against the interests of the developers of third-party security software.

Accordingly, Kaspersky says that he has filed complaints with competition authorities in the EU and Russia. He asks that they force Microsoft to cease the behavior he feels is anti-competitive.

Microsoft has integrated anti-malware software to ensure that every Windows system has a basic level of protection without requiring any additional third-party purchases or installations. Here's how the Microsoft setup works, and the way it has worked since Windows 8: built-in MS anti-malware software automatically disables itself if it detects a third-party product is installed and up-to-date. Microsoft chose this behavior to keep its OEM partners happy, since many of them depend on kickbacks from pre-installed third-party antivirus software.

If the third-party product expires, Windows will show warnings for a few days. If the user does nothing after this period, the expired product gets disabled, and Defender turns on.

In his post, Kaspersky complains about a number of specific Windows 10 behaviors that he views as problematic.

First, when upgrading to Windows 10, the operating system detects certain unsupported antivirus programs and uninstalls them as part of the upgrade process. Even if the user elects to "Keep personal files and apps" during the upgrade, anti-malware software won't make the cut.

Further, Kaspersky argues that when Windows 10 and its subsequent major updates were released, antivirus developers had no real opportunity to develop compatible software. Only a handful of days separated a release hitting the Insider Program and shipments to end users. Microsoft has, in fact, shipped a warning with recent Insider Preview builds that the builds are not compatible with certain third-party antivirus software and that third party software will be removed.

To remedy this, Kaspersky demands that regulators force Microsoft to "provide new versions and updates of Windows to independent developers in good time so they can maintain compatibility of their software to Windows." It's not clear why, and Kaspersky does not explain why, the Insider Preview program does not adequately fill this role. Other developers, both of software and hardware device drivers, have used the Insider Previews to ensure that their software works correctly with each major release of Windows 10 at launch.

Second, Kaspersky wants the install/upgrade behavior to change. He wants Windows to be more explicit that installation will remove incompatible third-party anti-malware software. He also wants Windows to specifically recommend the installation of compatible third-party versions after the upgrade. Currently, the clear notification that incompatible software has been removed during the upgrade is only shown after the upgrade has occurred.

This change would likely appeal to a wide range of third-party developers. Anti-malware isn't the only software that is regularly detected as incompatible; other applications, such as certain VPN clients and system maintenance utilities, suffer the same fate.

The final MS behavior that Kaspersky criticizes is a subtlety of the way Windows defaults to Defender. Windows' method has two prongs. The first: Windows warning screens encourage users to enable Defender—an act that disables third-party products—even if the third-party product is currently active and up-to-date.

Enlarge/ Clicking that yellow button turns on Defender and disables third-party antivirus, even if the third-party antivirus is working correctly and up-to-date.

The second is a somewhat contrived situation. Let's say a user with a third-party antivirus application installs a trial of a second third-party application which temporarily disables the first application. At the expiration of that trial, Windows reverts not to the first third-party application, but instead to Defender. To address this, Kaspersky wants Windows to always explicitly ask before enabling Defender.

Kaspersky's blog post paints Microsoft's decisions around Defender as part of a broader effort to squeeze out third-party developers. Kaspersky claims this squeeze-out is harmful to Windows users and suggests that antivirus software is simply following in the footsteps of browsers and multimedia apps (both of which have caused regulatory issues for Microsoft in the past). He claims that not only are third-party developers suffering as a result of Microsoft's decisions, but so too are Windows users. In his eyes, Microsoft is building a "totalitarian/police-state platform in which there's no place for independent developers or freedom of choice for users."

Regardless of how regulators respond, one thing is clear: they won't move fast enough to change anything any time soon, because they never do. Past remedies, such as "Windows N," which shipped without Media Player to appease EU regulators after they fined the company €497 million (£395 million/$784 million), served no demonstrable purpose at all, as nobody bothered to actually use them, unsurprisingly preferring the version of Windows that retained Media Player.

One of Kaspersky's proposed remedies—delaying the release of major Windows updates to give antivirus developers more time to update—feels positively anti-consumer, as it means delaying the availability of bug fixes, security updates, and new features.

Even requiring explicit user confirmation before enabling Defender seems hard to justify: if anti-malware software is as essential to safe computing as anti-malware software companies would have us believe, it should run by default, without user intervention, to ensure that protection is in place. An explicit confirmation means that some users will be left unprotected and exposed, and this does not seem beneficial.

On the other hand, the above screenshot looks ominous and is likely to encourage Windows users to unwittingly switch from third-party products to Defender. It's hard to see how this is a desirable piece of design. Similarly, the way installing Windows quietly uninstalls incompatible applications has frustrated many users. Being more explicit about compatibility issues early in the upgrade process will allow upgraders to make more informed decisions.

As well as calling for regulators to take action, Kaspersky calls for independent software developers to "form a united front and all fight together" against Microsoft.